Author Archive for: ‘muts’

A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. http://vimeo.com/18023495 There doesn’t seem to be a lot of …

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire a your session information and log to the account with no credentials.All Godaddy workspace users, ph33r.

Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all your hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.

The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 Exploit Development storming session – with some really cool results. In the end, they ended up writing a short assembly sequence to walk through the payload and replace bad characters with original shellcode bytes. Read more – Winamp 5.58 from Dos to Code Execution

It’s not often we wake up and find a massive 0day submitted to the Exploit Database – but today was different. Abysssec security released an Adobe Shockwave player 0day. We verified the exploit as part as our verification process in the Exploit database and made a short movie to demonstrate the the vulnerability.

Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.

Once again, we have a few exciting updates we would like to inform you about. First and foremost, our Metasploit Unleashed Free Training course is going through a major overhaul, and will be updated and maintained on a monthly basis. You can expect a whole lot of new content being added onto the Metasploit Unleashed Wiki in the next few months.

Each year companies lose millions in security breaches. High quality Information Security Awareness is probably one of the most important remedies for these attacks. For a long time we have held to the thought that the human element is the weakest link in the chain, and the Social Engineering Contest at Defcon 18 really drove the point through.

Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET. You need to have a Jailbroken iPhone with SSH access for this. You will also need to install nano and APT 0.7 Strict via Cydia. Unlike all other major revisions of Cydia, getting everything up and running is a breeze now.

About the OSCP

The strong technical foundation of the Offensive Security training content, coupled with a rigorous testing process has established the OSCP certification as the most relevant education in the pen-testing space. Accuvant LABS requires any prospective consultants to pass the OSCP exam before applying to our attack & penetration team. – VP of the Attack and Penetration Testing Team, Accuvant.

Our Jam - "Call Offsec "

Offsec Say Try Harder!

Popular Posts

Penetration Testing with Kali Linux
Penetration Testing with Kali Linux (PWK) is an online training course designed for network administrators and security professionals who need to acquaint themselves with the world of offensive information security. This penetration testing training introduces the latest hacking tools and...

IRC GuideWhat is IRC?
Internet Relay Chat (IRC) is a form of real time chat designed for group (channel) communication or private communication via private messaging. IRC was created back in 1988 by Jarkko Oikarinen, and since then, its popularity has grown...

Offsec Say – Try Harder!Offsec students go through hell. They endure levels of stress and frustration beyond what is considered normal, and we at Offsec appreciate this. So much in fact, that we've dedicated the following song to anyone who's taken an Offsec course,...